Hackers who attacked a US government database could now be in possession of vast amounts of personal data on every federal employee, as the extent of the damage had been heavily underestimated, according to a union chief in a letter seen by AP.

“We believe that the
Central Personnel Data File was the targeted database, and that
the hackers are now in possession of all personnel data for every
federal employee, every federal retiree, and up to one million
former federal employees,” the President of the Union of
American Federal of Government Employees (AFGE), J. David Cox,
said in a letter to the Office of Personnel Management (OPM)
director Katherine Archuleta, seen by AP.

Last week, the OPM admitted a major cyber-attack took place in
December 2014, but it was only detected in April. The hack compromised the personal
information of some four million federal employees, the agency
originallysaid.

While US officials quickly blamed China for the attack, Beijing
dismissed the claims saying that jumping to any conclusions and
making hypothetical accusations was irresponsible and counterproductive.

However, based on the OPM's internal briefings, Cox believes that
the intruders might be actually in possession of all military
records and veterans' information, including address, employment
history, and all their benefits history.

The hacked database also
contains hundreds of other pieces of information on every federal
employee, including age, gender, race data and birth
dates.

Cox clearly says that their reassessment of the OPM documents
made them “believe” that Social Security numbers stored
in the database were not encrypted, which is a “cybersecurity
failure that is absolutely indefensible and outrageous.”

The OPM initially understated the breach that was detected in
April and said that the stolen data “could include” some
personal information.

The union called the breach “an abysmal failure on the part
of the agency to guard data that has been entrusted to it by the
federal workforce,” Cox is cited saying in the letter. He
added that almost no “substantive information” was
shared with the union, despite it representing the rights of
close to 700,000 US federal employees.

The OPM said the union’s claims are overestimated and that the
number of those believed affected in the data theft is the same
as the office reported last week. Around 4.2 million people may
have had their information compromised, the OPM spokesman Sam
Schumach told NBC News. That number includes 2.1 million
employees, around one million retirees, and 1.1 million
“separated workers.”

Meanwhile the Senate’s Democratic leader, Harry Reid, again told
the floor that the OPM’s hack was apparently conducted by
“the Chinese,” after being briefed on the “most
secret intelligence information,” according to AP.

Since the attack, discovered during the implementation of new
security protocols, the OPM said it has introduced further
measures, such as restricting access and powers of remote
administrators, and utilizing anti-malware software for more
protection. A review of all connections to the network was also
initiated.

The OPM is continuing their assessment of the damage in
partnership with the federal intelligence agencies to determine
the scope of the intrusion. In their latest press release, the
agency stated there was no evidence thus far that there has been
“any use or attempted use” of personal data derived from
the hack.